Re: [RFC][PATCH 7/11] security: AppArmor - Misc (capabilities, data structures)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, 19 Apr 2006 10:50:02 -0700
Tony Jones <[email protected]> wrote:

> This patch implements three distinct chunks.
> - list management, for profiles loaded into the system (profile_list) and for 
>   the set of confined tasks (subdomain_list)
> - the proc/pid/attr interface used by userspace for setprofile (forcing
>   a task into a new profile) and changehat (switching a task into one of it's
>   defined sub profiles).  Access to change_hat is normally via code provided
>   in libapparmor. See the overview posting for more information in change hat.
> - capability utility functions (for displaying capability names)
> 
> 
> Signed-off-by: Tony Jones <[email protected]>
> 
> ---
>  security/apparmor/capabilities.c |   54 ++++++
>  security/apparmor/list.c         |  268 +++++++++++++++++++++++++++++++
>  security/apparmor/procattr.c     |  327 +++++++++++++++++++++++++++++++++++++++
>  3 files changed, 649 insertions(+)
> 
> --- /dev/null
> +++ linux-2.6.17-rc1/security/apparmor/capabilities.c
> @@ -0,0 +1,54 @@
> +/*
> + *	Copyright (C) 2005 Novell/SUSE
> + *
> + *	This program is free software; you can redistribute it and/or
> + *	modify it under the terms of the GNU General Public License as
> + *	published by the Free Software Foundation, version 2 of the
> + *	License.
> + *
> + *	AppArmor capability definitions
> + */
> +
> +#include "apparmor.h"
> +
> +static const char *cap_names[] = {
> +	"chown",
> +	"dac_override",
> +	"dac_read_search",
> +	"fowner",
> +	"fsetid",
> +	"kill",
> +	"setgid",
> +	"setuid",
> +	"setpcap",
> +	"linux_immutable",
> +	"net_bind_service",
> +	"net_broadcast",
> +	"net_admin",
> +	"net_raw",
> +	"ipc_lock",
> +	"ipc_owner",
> +	"sys_module",
> +	"sys_rawio",
> +	"sys_chroot",
> +	"sys_ptrace",
> +	"sys_pacct",
> +	"sys_admin",
> +	"sys_boot",
> +	"sys_nice",
> +	"sys_resource",
> +	"sys_time",
> +	"sys_tty_config",
> +	"mknod",
> +	"lease"
> +};
> +
> +const char *capability_to_name(unsigned int cap)
> +{
> +	const char *name;
> +
> +	name = (cap < (sizeof(cap_names) / sizeof(char *))
> +		   ? cap_names[cap] : "invalid-capability");
> +
> +	return name;
> +}
> --- /dev/null
> +++ linux-2.6.17-rc1/security/apparmor/list.c
> @@ -0,0 +1,268 @@
> +/*
> + *	Copyright (C) 1998-2005 Novell/SUSE
> + *
> + *	This program is free software; you can redistribute it and/or
> + *	modify it under the terms of the GNU General Public License as
> + *	published by the Free Software Foundation, version 2 of the
> + *	License.
> + *
> + *	AppArmor Profile List Management
> + */
> +
> +#include <linux/seq_file.h>
> +#include "apparmor.h"
> +#include "inline.h"
> +
> +/* list of all profiles and lock */
> +static LIST_HEAD(profile_list);
> +static rwlock_t profile_lock = RW_LOCK_UNLOCKED;
> +
> +/* list of all subdomains and lock */
> +static LIST_HEAD(subdomain_list);
> +static rwlock_t subdomain_lock = RW_LOCK_UNLOCKED;

This would be a good candidate for RCU.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]
  Powered by Linux